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The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE MONTH(S) FROM 



THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 . 1 36(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )(3 Responsive to communication(s) filed on 22 June 2001 . 
2a)D This action is FINAL. 2b)l3 This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quay/e, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) [3 Claim(s) 1-11 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) (3 Claim(s) 1-11 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10)D The drawing(s) filed on [ is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
11 )□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12)D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 

1 . Claims 1-11 have been examined. 

Claim Rejections - 35 USC § 101 

2. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or 
any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and 
requirements of this title. 

Claims 1 and 6 are rejected under 35 U.S. C. 101 because the claimed invention is 
directed to non-statutory subject matter. The claims are directed to a process that does nothing 
more than manipulate an abstract idea. There is no practical application in the technological arts. 
All that is necessary to make a sequence of operational steps a statutory process within 35 U.S.C 
101 is that it be in the technological arts so as to be in consonance with the Constitutional 
purpose to promote the progress of "useful arts." In re Musgrave, 43 1 F.2d 882, 167 USPQ 280 
(CCPA 1970). Also, a claim is limited to a practical application when the method, as claimed, 
produces a concrete, tangible and useful result: i.e. the method recites a step or act of producing 
something that is concrete, tangible and useful. See AT&T v. Excel Communications Inc., 172 
R3d at 1358, 50 USPQ2dat 1452. . 

Claim Objections 

3. Claim 6 objected to because of the following informalities: undefined acronym, change 
BIN to "bank identification number (BIN)" in line 2. Appropriate correction is required. 
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Claim Rejections - 35 USC § 103 



4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

5. Claim 1 is rejected under 35 U.S.C. 103(a) as being unpatentable over US Publication 
NO. 2003/0120615 to Kuo in view of US Patent No. 5724424 to Gifford. 

Kuo discloses generating a secret key associated with said payment account number, 
using said secret key to generate a message authentication code specific to said transaction (see 
abstract, paragraph [0055], lines 3-6), generating an authorization request message including said 
message authentication code, forwarding said authorization request message over said payment 
network to said check site for verifying the authenticity of said message authentication code, and 
responding to said authorization request message over said payment network based on said 
available funds and said transaction amount (see paragraph [0014]). Kuo does not expressly 
disclose verifying the message authentication code by said check site using said secret key. 
Gifford discloses verifying the message authentication code by said check site using said secret 
key (see col. 6, lines 50-52, 64 and 65; col. 10, lines 30-52). At the time the invention was made, 
it would have been obvious to a person of ordinary skill in the art to modify the method disclose 
by Kuo to include the step of verifying the message authentication code by said check site using 
said secret key. One of ordinary skill in the art would have been motivated to do this it provides 
an additional level of data security. 
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6. Claims 2-5 are rejected under 35 U.S.C. 103(a) as being unpatentable over Kuo and 
Gifford as applied to claim 1 above, and further in view of US Publication NO. 2001/0034720 to 
Armes. 

Kuo discloses an authorization request (see claim 1 above). Kuo does not expressly 
disclose the request message is routed over said payment network based on a special 
identification number corresponding to said check site. Armes discloses request message is 
routed over said payment network based on a special identification number corresponding to said 
check site, (see paragraph [0082]). At the time the invention was made, it would have been 
obvious to a person of ordinary skill in the art to modify the method disclose by Kuo to include 
the step wherein the request message is routed over said payment network based on a special 
identification number corresponding to said check site. One of ordinary skill in the art would 
have been motivated to ensures that the proper bank/issuer receives the request; hence, 
preventing an unauthorized bank/issuer from accessing the request. 

Referring to claim 3, Kuo discloses generating a secret key (see claim 1 above). Kuo 
does not expressly disclose providing software at a user location for generating said secret key. 
Gifford discloses providing software at a user location for generating said secret key (see col. 5, 
lines 60-67; col. 6, lines 1,2 and col. 10, lines 30-53). At the time the invention was made, it 
would have been obvious to a person of ordinary skill in the art to modify the method disclose by 
Kuo to include the step of providing software at a user location for generating said secret key. 
One of ordinary skill in the art would have been motivated to do this because it provides a way to 
effectively combat consumer fraud (see Kuo, paragraph [0017]). 
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Referring to claim 4, Kuo discloses the payment account number is issued by an issuer 
and said response is provided by said issuer (see paragraph [0014]). 

Referring to claim 5, Kuo discloses an authorization request message (see claim 1 above). 
Kuo does not expressly disclose the message includes an expiration date field and said message 
authentication code is placed in said expiration date field. Gifford discloses the message 
includes an expiration date field (i.e. "valid time period") and said message authentication code 
is placed in said expiration date field (see col. 6, lines 3-49; col. 10, lines 30-53). At the time the 
invention was made, it would have been obvious to a person of ordinary skill in the art to modify 
the method disclose Kuo to include the step wherein the messages includes an expiration date 
field and said message authentication code is placed in said expiration date field. One of ordinary 
skill in the art would have been motivated to do this because it provides a way to effectively 
combat consumer fraud (see Kuo, paragraph [0017]). 

7. Claims 6-1 1 are rejected under 35 U.S.C. 103(a) as being unpatentable over Kuo and 
Gifford in view of Armes. 

Kuo disclose generating a per-card key associated with said payment account number, 
generating a message authentication code (MAC) using said per-card key, generating a MAC 
verification request including said payment account number and said MAC (see abstract, [0014] 
and [0055]). Kuo does not expressly disclose verifying said MAC, based on said verification, 
creating an expected transaction sequence number (ETSN) for said MAC, providing said check 
site with reference data associated with said ETSN, generating a second message authentication 
code using said ETSN and said per-card key, routing said second message authentication code to 
said check site based on said BIN associated with said check site, determining said per-card key 
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associated with the payment account number of an unverified message authentication code 
having associated ETSN and reference data, and verifying said second message authentication 
code by said check site using said determined per-card key, and said associated ETSN and 
reference data. Armes disclose routing said second message authentication code to said check 
site based on said BIN associated with said check site (see paragraph [0082]). Gifford discloses 
verifying said MAC (see co. 10, liens 30-52), based on said verification, creating an expected 
transaction sequence number (ETSN), i.e. "next expected string", for said MAC, providing said 
check site with reference data (i.e. "transaction identifier") associated with said ETSN, 
generating a second message authentication code using said ETSN and said per-card key, 
determining said per-card key associated with the payment account number of an unverified 
message authentication code having associated ETSN and reference data, verifying said second 
message authentication code by said check site using said determined per-card key, sand said 
associated ETSN and reference data (see col 11, lines 33-44; col. 5,lines 51-57) Notice, Gifford 
teaches a database that "can hold for each sender a list of random authorization strings, or can 
hold a sender specific secret key that was used to generate the list of authentication strings 
along", which implies that a 2 nd , 3 rd . . . .n message authentication code can be generated and 
verified. Thus, at the time the invention was made, it would have been obvious to a person of 
ordinary skill in the art to modify the method disclose by Kuo to include the steps of verifying 
said MAC, based on said verification, creating an expected transaction sequence number (ETSN) 
for said MAC, providing said check site with reference data associated with said ETSN, 
generating a second message authentication code using said ETSN and said per-card key, routing 
said second message authentication code to said check site based on said BIN associated with 
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said check site, determining said per-card key associated with the payment account number of an 
unverified message authentication code having associated ETSN and reference data, and 
verifying said second message authentication code by said check site using said determined per- 
card key, and said associated ETSN and reference data. One of ordinary skill in the art would 
have been motivated to do this because it provides an additional level of security for the 
transported data. 

Referring to claim 7, Kuo discloses generating a message authentication code (see claim 
6 above). Kuo does not expressly disclose converting said second message authentication code 
into a pseudo expiration data using said reference data, generating an authorization request 
having an expiration date field containing said pseudo expiration date and responding to said 
authorization request and verifying said second message authentication code based on said 
pseudo expiration date. Armes discloses converting said second message authentication code 
into a pseudo expiration data using said reference data (see paragraph [0056]), generating an 
authorization request having an expiration date field containing said pseudo expiration date (see 
paragraph [0059], lines 37-57; [0070] and [0073]) and responding to said authorization request 
and verifying said second message authentication code based on said pseudo expiration date (see 
paragraph [0085]). At the time the invention was made, it would have been obvious to a person 
of ordinary skill in the art to modify the method disclose by Kuo to include the steps of 
converting said second message authentication code into a pseudo expiration data using said 
reference data, generating an authorization request having an expiration date field containing 
said pseudo expiration date and responding to said authorization request and verifying said 
second message authentication code based on said pseudo expiration date. One of ordinary skill 
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in the art would have been motivated to do this because this because provides additional level of 
security to the transmitted data and reduces the incentive for stealing the payment account data 

Referring to claim 8, Kuo discloses generating a message authentication code (see claim 
6 above). Kuo does not expressly disclose the message authentication code further includes 
using an expiration date, application version number and transaction sequence number associated 
with said payment account number. However, this difference is only found in the nonfunctional 
descriptive material and is not functionally involved in the step recited. The generating a 
message authentication code using said per-card key would be performed the same regardless of 
the data. Thus, the descriptive material will not distinguish the claimed invention form the prior 
art in terms of patentability, see In re Gulack, 703 F.2d 1381, 1385, 217 USPQ 401, 404 (Fed. 
Cir. 1983); In re Lowry, 32F.3d 1579, 32 USPQ2d 1031 (Fed. Cir. 1994). Therefore, it would 
have obvious to a person of ordinary skill in the art at the time the invention was made generate a 
message authentication code including any type of data because such data does not functionally 
relate to the steps in the method. 

Referring to claim 9, Kuo discloses generating a MAC verification request (see claim 6 
above). Kuo does not expressly disclose the MAC verification request further includes said 
application number and said expiration date. However, this difference is only found in the 
nonfunctional descriptive material and is not functionally involved in the step recited. The 
generating a MAC verification request including said payment account number and said MAC 
would be performed the same regardless of the data. Thus, the descriptive material will not 
distinguish the claimed invention form the prior art in terms of patentability, see In re Gulack, 
703 F.2d 1381, 1385, 217 USPQ 401, 404 (Fed. Cir. 1983); In re Lowry, 32F.3d 1579, 32 
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USPQ2d 1031 (Fed. Cir. 1994). Therefore, it would have obvious to a person of ordinary skill in 
the art at the time the invention was made generate MAC verification request including any type 
of data because such data does not functionally relate to the steps in the method. 

Referring to claim 10, Kuo discloses generating a MAC using a per-card key, and 
generating a MAC verification request (see claim 6 above). Kuo does not expressly disclose 
verifying a MAC, wherein said step of verifying said MAC includes using said per-card key. 
Gifford discloses verifying a MAC, wherein said step of verifying said MAC includes using said 
per-card key (see col. 6, lines 50-52, 64,65; col. 10, lines 30-52). At the time the invention was 
made, it would have been obvious to a person of ordinary skill in the art to modify the method 
disclose by Kuo to include the step of verifying the MAC includes using said per-card key. One 
of ordinary skill in the art would have been motivated to do this it provides an additional level of 
data security. 

Referring to claim 1 1, Gifford discloses providing said check site with reference data 
associated with said ETSN (see claim 6 above). Gifford does not expressly disclose said 
reference data includes a number of months indicator. However, this difference is only found in 
the nonfunctional descriptive material and is not functionally involved in the step recited. The 
providing said check site with reference data would be performed the same regardless of the 
data. Thus, the descriptive material will not distinguish the claimed invention form the prior art 
in terms of patentability, see In re Gulack, 703 F.2d 1381, 1385, 217 USPQ 401, 404 (Fed. Cir. 
1983); In re Lowry, 32F.3d 1579, 32 USPQ2d 1031 (Fed. Cir. 1994). Therefore, it would have 
obvious to a person of ordinary skill in the art at the time the invention was made provide said 
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check site with reference data, the reference data including any type of information because such 
data does not functionally relate to the steps in the method. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jalatee Worjloh whose telephone number is 703-305-0057. The 
examiner can normally be reached on Mondays-Thursdays 8:30 - 7:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, James Trammell can be reached on 703-305-9768. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306, 703-746-9443 for 
Non-Official/Draft. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

Any response to this action should be mailed to: 



Hand delivered responses should be brought to Crystal Park 5, 2451 Crystal Drive, 
Arlington, V.A., Seventh floor receptionist. 



Commissioner of Patents and Trademarks 



PO Box 1450 
Alexandria, VA 22313-1450 
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February 18, 2004 



